Vulnerabilities (CVE)

Filtered by CWE-89
Total 15527 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4142 1 Ephpscripts 1 E-php Cms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
CVE-2008-6338 2 Typo3, Weber-ebusiness 2 Typo3, Wes Facilities 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-2673 1 Censura 1 Censura 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php.
CVE-2008-6484 1 Mole-group 1 Taxi Calc Dist Script 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
CVE-2008-3452 1 Endonesia 2 Calendar Module, Endonesia 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.
CVE-2008-2757 1 Xigla 1 Absolute News Manager Xe 2025-04-09 6.5 MEDIUM N/A
SQL injection vulnerability in search.asp in Xigla Absolute News Manager XE 3.2 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
CVE-2008-6461 2 Fr.simon Rundell, Typo3 2 Ste Prayer2, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-2778 1 Revokesoft 1 Revokebb 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2008-6255 1 Vbulletin 1 Vbulletin 2025-04-09 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php.
CVE-2008-4570 1 Real-estate-scripts 1 Real-estate-scripts 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-0739 1 Shoppingtree 1 Candypress Store 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter.
CVE-2008-5727 1 Netcat 1 Netcat 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string.
CVE-2008-4369 1 Availscript 1 Availscript Photo Album 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2008-4204 1 Softacid 1 Hotel Reservation System 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter.
CVE-2009-1258 2 Joomla, Rd-media 2 Joomla, Com Rdautos 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4881 1 Psi-labs 1 Social Networking Script Psisns 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVE-2008-2504 1 Simpel Side 1 Netbutik 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php.
CVE-2008-3245 1 Cable-modems 1 Phphoo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.
CVE-2009-2619 1 Datachecknh 1 V-spacepal 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5992 1 Datecomm 1 Social Networking Script 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.